From patchwork Sat Nov  1 04:37:37 2008
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexey Dobriyan <adobriyan@gmail.com>
X-Patchwork-Id: 6769
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.176.167])
	by ozlabs.org (Postfix) with ESMTP id 6FB51DDDEE
	for <patchwork-incoming@ozlabs.org>;
	Sat,  1 Nov 2008 15:40:22 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1750789AbYKAEeZ (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Sat, 1 Nov 2008 00:34:25 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1750722AbYKAEeY
	(ORCPT <rfc822;netdev-outgoing>); Sat, 1 Nov 2008 00:34:24 -0400
Received: from ey-out-2122.google.com ([74.125.78.25]:6694 "EHLO
	ey-out-2122.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750716AbYKAEeY (ORCPT
	<rfc822;netdev@vger.kernel.org>); Sat, 1 Nov 2008 00:34:24 -0400
Received: by ey-out-2122.google.com with SMTP id 6so583830eyi.37
	for <netdev@vger.kernel.org>; Fri, 31 Oct 2008 21:34:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:date:from:to:cc:subject
	:message-id:mime-version:content-type:content-disposition:user-agent;
	bh=YhfllGvvRwGu6uVPrYu36rKST00h6HE4erg6Ux9vfY4=;
	b=C9sOv7BjRNiFENHRWiT6X8JLgK3dzJ/gYOyXgW8S6l+JPFJm91fXtYisYScL9nwPH9
	k7Sa/IgNJRhFm12KR9PIxH7QYtU9NOBXK0ZWq4bq+LFnrCOfL77+8OQwAHVyzAA4dZBM
	2XwbkAU8tewIQ/uFFBreaF3DNyXynzgZLjCgw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=date:from:to:cc:subject:message-id:mime-version:content-type
	:content-disposition:user-agent;
	b=C7KuVaWrLV5tA4OnPAD4u1IrwZ3npo9jMQ/sp1gh5ExnYOPVz3uLI9zxfozfqq95eu
	S/SgEpP/L7xth4LXV2jzBNJm1I6qd/pxQSSpA0BCfD5BH71zc7MdDLy7Dc/ZROsiGeqB
	GZBih19Lvvh8vYQJ5aSuJcmrdodvB4J+sJzCc=
Received: by 10.210.49.19 with SMTP id w19mr5375563ebw.149.1225514062327;
	Fri, 31 Oct 2008 21:34:22 -0700 (PDT)
Received: from localhost (gw.zunet.ru [217.67.117.64])
	by mx.google.com with ESMTPS id
	k9sm21127134nfh.23.2008.10.31.21.34.20
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Fri, 31 Oct 2008 21:34:21 -0700 (PDT)
Date: Sat, 1 Nov 2008 07:37:37 +0300
From: Alexey Dobriyan <adobriyan@gmail.com>
To: davem@davemloft.net, herbert@gondor.apana.org.au
Cc: netdev@vger.kernel.org
Subject: [PATCH] Fix ESP SA loading (by default)
Message-ID: <20081101043737.GA1621@x200.localdomain>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

digest_null algorithm is now mandatory for ESP.

Steps to reproduce:

	kernel with CONFIG_CRYPTO_NULL=n

	#!/usr/sbin/setkey -f
	flush;
	spdflush;
	add 192.168.0.1 192.168.0.42 esp 15701 -E 3des-cbc "123456789012123456789012";

This will successfully create ESP SA.

Now, apply commit 38320c70d282be1997a5204c7c7fe14c3aa6bfaa aka
"[IPSEC]: Use crypto_aead and authenc in ESP" and ESP SAs won't be created.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---

 Ewwww, such a cool bug turned out to be configuration issue!

 And I was thinking why on earth why Debian 2.6.26 based kernel is OK,
 but 2.6.25-rc1 (!) fails. Ditto for minimalistic config for testing with KVM.
 Not mentioning Debian's gcc creating references to __ucmdhowitiscalled up
 and including to 2.6.18 and screwing bisection hard way.

 Now that I passed first IPsec tutorial, allow me to start netns XFRM work :^)

 net/ipv4/Kconfig |    1 +
 net/ipv6/Kconfig |    1 +
 2 files changed, 2 insertions(+)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -346,6 +346,7 @@ config INET_ESP
 	select CRYPTO_AUTHENC
 	select CRYPTO_HMAC
 	select CRYPTO_MD5
+	select CRYPTO_NULL
 	select CRYPTO_CBC
 	select CRYPTO_SHA1
 	select CRYPTO_DES
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -86,6 +86,7 @@ config INET6_ESP
 	select CRYPTO_AUTHENC
 	select CRYPTO_HMAC
 	select CRYPTO_MD5
+	select CRYPTO_NULL
 	select CRYPTO_CBC
 	select CRYPTO_SHA1
 	select CRYPTO_DES